Skill v1.0.0

ClawScan security

book-write · ClawHub's context-aware review of the artifact, metadata, and declared behavior.

Scanner verdict

Benign · Mar 7, 2026, 1:51 AM
Verdict
benign
Confidence
high
Model
gpt-5-mini
Summary
The skill's behavior and requirements are consistent with a structured novel-writing assistant: it is instruction-only, requests no credentials or installs, and focuses on reading/writing a project directory and producing text according to a strict workflow.
Guidance
This is an instruction-only skill that appears coherent for structured novel writing. Before enabling it: (1) confirm and specify the exact project directory the skill should read/write so it doesn't access unexpected locations; (2) avoid placing sensitive data in that directory (these files will be created and stored persistently); (3) be aware the skill may perform online searches for references — if you want to restrict network access, do so; (4) provide any existing core files to limit what the skill will create or change, and ask the skill to request explicit confirmation before any modifying actions (the SKILL.md already prescribes this, but confirm at runtime); and (5) because the skill source is unknown, consider testing it on a disposable sample project first.

Review Dimensions

Purpose & Capability
ok: The name and description match the SKILL.md: a full-process novel creation assistant that manages a structured set of reference and chapter files. There are no unrelated environment variables, binaries, or installs requested—everything requested (file-based content management and writing) is coherent with the stated purpose.
Instruction Scope
note: The instructions require the agent to read, create, and update many files under a user project directory ({book-writer目录}/references/...), enforce strict sequencing and validations, and permit online searches for reference material. This is expected for a writing workflow, but the skill assumes filesystem and network access without declaring specific config paths or asking the user for a directory upfront — you should confirm where files will be stored and give explicit consent before the agent modifies local files. Also note the skill mandates user confirmation at key steps, which limits autonomous changes.
Install Mechanism
ok: No install spec and no code files — instruction-only. This is low-risk from an installation perspective because nothing is downloaded or written to disk by an installer.
Credentials
ok: The skill declares no environment variables, credentials, or config paths. Its need for filesystem access and optional web lookups is proportionate to a writing assistant and does not request unrelated secrets or cloud credentials.
Persistence & Privilege
ok: always:false and user-invocable:true. The skill does not request forced persistent inclusion or system-wide configuration changes. It does require writing persistent files in the project directory (expected for its purpose); ensure you authorize only the intended directory.